The windows are increasingly trying to stop viruses and malware, even if you don't have the best protection software installed.
So malware developers have to be very creative to infect systems. Attacks using Windows 7's Calculator application have therefore recently been observed.
X X X X X X X X X X X X X X X X security "ProxyLife" He discovered that some malware and phishing attacks are using Windows 7's Calculator app to break into modern Windows PCs, Bleeping Computer reports.
The attack starts by tricking someone into downloading an ISO disc image disguised as a PDF or something else archive, which contains a shortcut which opens a malicious copy of the Calculator application.
Why are they using an outdated one version of the Calculator app to hack systems?
Well, Windows 7 Calculator uses the Dynamic Link Libraries (DLLs) in the same folder, if they exist, instead of using the libraries located in the Windows system folder.
Opening the Calculator app doesn't trigger any Windows alerts, probably because it's signed by Microsoft, but it can still load the infected “WindowsCodecs.dll” library that comes with the malicious Calculator.
Newer versions of the Calculator app included with Windows are not vulnerable. That's why they use an older version.
The archives used in the phishing attack, are “calc.exe” from Windows 7 and two ProxyLife DLL files
It's not yet clear if Microsoft has updated Defender to recognize this type of attack, but if you're not downloading files from strange websites (or email attachments from people you don't know), you probably don't need to worry.
Update:
On our Facebook page we saw comments questioning the above, using Microsoft's non-support of Windows 7 as justification. You should read the whole text before judging it.
So above we mention:
“Why are they using an outdated version of the Calculator app to hack systems?
Well, Windows 7 Calculator uses the Dynamic Link Libraries (DLLs) in the same folder, if they exist, instead of using the libraries located in the Windows system folder.”
Attackers use an older application to attack new systems:
“Opening the Calculator app doesn't trigger any Windows alerts, probably because it's signed by Microsoft, but it can still load the infected “WindowsCodecs.dll” library that comes with the malicious Calculator.
Newer versions of the Calculator app included with Windows are not vulnerable. That's why they're using an older version.”